Cross-Site Scripting Vulnerability in Novell Identity Manager and Associated Modules
CVE-2011-2227
Currently unrated
Key Information:
- Vendor
Novell
- Vendor
- CVE Published:
- 8 October 2011
What is CVE-2011-2227?
A cross-site scripting (XSS) vulnerability exists in Novell Identity Manager's User Application and Roles Based Provisioning Module. This flaw permits remote attackers to inject arbitrary web scripts or HTML through the apwaDetail (apwaDetailId) parameter. Exploiting this vulnerability can allow attackers to execute malicious scripts in the context of a user's browser, potentially compromising sensitive information and user sessions.